Configuring Venafi TPP to use the Futurex Adaptable CA Driver

this section covers the following topics manage credentials create a ca template create a certificate policy manage credentials you must add the identity and tls client certificate {{ch}} created for the venafi adaptable ca service as credentials in venafi tpp define user credentials to define user credentials, perform the following steps log in to the venafi tpp web ui select policy tree in the main menu in the main policy tree, select add > credential > username credential in the username credential window, add the username and password created contained inside the credential txt file extracted from the venafi adaptable endpoint zip select \[ save ] define certificate credentials the tls client pkcs #12 file ( pki p12 ) mutually authenticates with the {{ch}} , allowing only authorized operation and establishing an encrypted tunnel to prevent man in the middle eavesdropping on traffic to define tls client certificate credentials in venafi tpp, perform the following steps log in to the venafi tpp web ui select policy tree in the main menu in the main policy tree, select add > credential > certificate credential in the certificate credential window, give the credential a name and choose the option to import a certificate and select the pki p12 file you extracted from the venafi adaptable ca endpoint zip the {{ch}} generated for the service specify the corresponding private key password contained within the pki password txt file that was also extracted from the venafi adaptable ca endpoint zip after successfully importing the certificate, select \[ save ] to complete the process create a ca template to create ca templates in venafi tpp, perform the following steps empllog in to the venafi tpp web ui select policy tree in the main menu in the main policy tree, select add > ca template > adaptable in the add new adaptable window, define the following general and connection fields ca name the desired ca name username credential the username credential you created certificate credential the certificate credential you created service address the {{ch}} ip address or hostname and the host api port number contained inside the info txt file profile string the container name and name of the issuing ca certificate on the {{ch}} powershell script {{futurex}} {{k}} ca if custom x 509 extensions, validity periods, or {{futurex}} approval groups are desired, define them in the custom fields section note that the futurexcreatecustomfields ps1 script must run successfully for these to be visible select \[ validate ] to test the connection and authentication with the {{ch}} this can take up to 5 15 seconds to complete select \[ save ] create a certificate policy to create certificate policies, perform the following steps log in to the venafi tpp web ui select policy tree in the main menu in the main policy tree, select add > policy in the add new policy window, define the policy name and any other desired settings, and select \[ save ] go to the certificate tab for the new policy in the other information section, select the three dots next to the ca template field and select the ca template you created select \[ save ]